The present invention relates to Cyber security and, more particularly, to a method and a product for providing a predictive security product and a method and product for evaluating existing security systems.
A cat-and-mouse race is being held between Internet security vendors and hackers: While security vendors issue static and dynamic signatures and detection patterns to recognize malware, all hackers need to do is perform minor changes in the already identified and documented malware and thereby systematically evade these detection methods. This is a vast and common phenomenon: more than 99% of new malware is actually re-used malware, at least in part, with minor changes.
Various attempts have been made to provide malware detection suites and security packages that protect individual users and corporate networks from various types of malware and unwanted intrusions. All of the known malware detectors use reactive approaches and relevant technology that safeguards against known computer viruses, known attack methods, known malware behavior, known malware patterns, known vulnerabilities, known exploits and the like. No vendors, products or packages provide technology for predicting and safeguarding against future malwares, in a predictive and proactive manner. Furthermore, great difficulty exists in deciding which security product is better than which, in an objective and empirical manner.
It would be highly advantageous to have a method, computer program product and system for predicting future malware and protecting against such potential malicious programs. It would furthermore be highly advantageous to have a means to evaluate and benchmark security products' ability to compete in this race.